Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.More Info on Driver Writing and Debugging
The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
Failed to write to disk with raw acsess in Win10
jason_chen
Member - All Emails Posts: 19
Hi,
I'd like to read/write the hard drive directly in a driver but encountered a problem recently. It's in Win 10 and the steps are listed below:
1. There are 2 NTFS Hard Drives(HD), namely, the HD0 and HD1. The HD0 has the C: system volume installed, while the HD1 is the disk that we want to access in raw mode .
2. Open the handle to HD1 by ZwCreateFile, it worked;
3. Read the data from HD1 using ZwReadFile, it worked again;
4. Lock the volume by sending FSCTL_LOCK_VOLUME to HD1 disk handle, it worked again;
5. Write the data from HD1 using ZwWriteFile, it failed with 0xc0000022 (ACCESS_DENIED);
6. Try to roll IRP instead of ZwWriteFile call, still got the same error.
The code snippets are following:
RtlInitUnicodeString(&DiskPath, L"\Device\Harddisk1\DR1");
InitializeObjectAttributes(
&ObjAttr,
&DiskPath,
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
NULL,
NULL);
Status = ZwCreateFile(
&GRawDiskHandle,
GENERIC_READ |
GENERIC_WRITE,
&ObjAttr,
&Iosb,
NULL,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
FILE_OPEN,
FILE_NON_DIRECTORY_FILE |
FILE_NO_INTERMEDIATE_BUFFERING |
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0);
if(NT_SUCCESS(Status)) {
Status = ZwFsControlFile(
GRawDiskHandle,
NULL,
NULL,
NULL,
&Iosb,
FSCTL_LOCK_VOLUME ,
NULL,
0,
NULL,
0);
if(NT_SUCCESS(Status)) {
Status = ZwWriteFile(
GRawDiskHandle,
NULL,
NULL,
NULL,
&Iosb,
PBuf,
TmpLen,
PBlockAbsOffset,
NULL);
//
// ******ERROR: ACCESS_DENIED returned here******
//
}
}
It's a little weird that the HD1 was locked but I still can't write to the disk.
Any comment will be highly appreciated.
Thanks,
Jason
Howdy, Stranger!
| Upcoming OSR Seminars | ||
|---|---|---|
| OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead! | ||
| Writing WDF Drivers | 12 September 2022 | Live, Online |
| Internals & Software Drivers | 23 October 2022 | Live, Online |
| Kernel Debugging | 14 November 2022 | Live, Online |
| Developing Minifilters | 5 December 2022 | Live, Online |
Comments
Are you doing this from kernel mode or from user mode?
Tim Roberts, [email protected]
Providenza & Boekelheide, Inc.
Kernel mode, it's a driver.
Is it caused by that the HD1 was mounted? but just as I mentioned, I have already opened the raw disk in read/write mode, and locked it successfully, the access denied error should not be returned when writing to the disk.
You said "NTFS Hard Drives". Is this disk actually partitioned and formatted? Are you sure you want to reference the disk, and not the partition?
Tim Roberts, [email protected]
Providenza & Boekelheide, Inc.